Adobe Patches Flash; Windows, Mac Users Under Attack

Adobe patched two critical security flaws in Flash Player, both of which were under active attack. If you don't have automatic updates enabled, you need to download the latest version and install it immediately.

The company is aware of attacks in the wild targeting Flash versions for Windows and Mac OS X, Adobe said in its emergency security advisory released Feb. 7. Users on these operating systems running Flash Player 11.5.502.146 and earlier should update to the latest Adobe Flash Player 11.5.502.149 as soon as possible, Adobe said in its advisory. Adobe also released updated Flash Player versions for Linux and Android, but these two platforms are not currently under attack.

Google will automatically update the Flash Player integrated inside Chrome and Microsoft will do the same for Internet Explorer 10. Users can check here to see what Flash version they have installed and whether they need to update.
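For administrators checking many machines rather than one, the version cutoffs above can be applied to a software inventory. The following is an added example, not code from Adobe or from this article; the hostnames, inventory rows and function names are constructed for illustration, and the comma-separated version form is an assumption about how some tools report it.

```python
import re

# From the article: on Windows and Mac OS X, Flash Player 11.5.502.146 and
# earlier should be updated; 11.5.502.149 is the fixed release.
LAST_AFFECTED = (11, 5, 502, 146)
FIXED = (11, 5, 502, 149)
ATTACKED_PLATFORMS = {"windows", "macosx"}

VERSION_RE = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", re.ASCII)


def parse_version(text):
    """Parse '11.5.502.146' or '11,5,502,146' into a tuple of ints, else None."""
    match = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'update-now', 'ok' or 'check-advisory' for one inventory row."""
    version = parse_version(version_text)
    if platform.lower() not in ATTACKED_PLATFORMS or version is None:
        # The article gives no version numbers for Linux or Android, and an
        # unparseable version cannot be compared, so defer to the advisory.
        return "check-advisory"
    if version <= LAST_AFFECTED:
        return "update-now"
    return "ok" if version >= FIXED else "check-advisory"


# Constructed inventory rows (hostnames and versions are made up).
INVENTORY = [
    ("ws-014", "Windows", "11.5.502.146"),
    ("ws-022", "Windows", "11.5.502.99"),  # a string compare ranks this above .146
    ("mac-03", "MacOSX", "11,5,502,149"),
    ("lnx-07", "Linux", "11.2.202.100"),
    ("ws-031", "Windows", "unknown"),
]


def triage(rows):
    """Map each host to its verdict."""
    return {host: classify(platform, ver) for host, platform, ver in rows}


if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(f"{host}: {verdict}")
```

Comparing the versions as integer tuples matters: as plain strings, "11.5.502.99" sorts after "11.5.502.146" and the host would be wrongly reported as patched.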

"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in the advisory.

Bugs Under Attack

Attackers exploited CVE-2013-0633 via a booby-trapped Microsoft Word document containing malicious Flash code attached to an email. This exploit targeted the ActiveX version of Flash Player on Windows, according to Adobe. A successful compromise would result in the attacker being able to remotely execute code and have full control, Adobe warned.

The other vulnerability, CVE-2013-0634, targeted Safari and Firefox on Mac OS X. Users who landed on the website hosting malicious Flash content triggered a drive-by-download attack. A drive-by-download refers to a style of attack that executes automatically without the user having to do anything. This vulnerability is also being used against Windows users via malicious Word documents. This bug, if exploited successfully, would also give the attacker full control of the computer.

A drive-by-download is dangerous because "the usual user interaction, warnings and safeguards in your software are bypassed so that merely reading a web page or viewing a document could result in a surreptitious background install," Paul Ducklin, of Sophos, wrote on the Naked Security blog.

Targeted Attacks Against Who?

There aren't a lot of details about the attacks themselves, but Adobe credited members of the Shadowserver Foundation, Lockheed Martin's Computer Incident Response Team, and MITRE for reporting the Mac vulnerability. Kaspersky Lab researchers are credited with finding the Windows bug. It's possible that Lockheed Martin and MITRE were named because they found the malicious Word documents in a targeted attack against their systems. Such attacks are common in the defense, aerospace, and other industries, and Lockheed Martin has seen similar attacks in the past.

Researchers with FireEye Malware Intelligence Lab have analyzed the Word documents used to target Windows systems and identified an action script named "LadyBoyle" within the Flash code. The LadyBoyle script drops multiple executable files and a DLL library file onto Windows machines with the ActiveX component installed, Thoufique Haq, a FireEye researcher, wrote on the lab's blog. While the attack files were compiled as recently as Feb. 4, the malware family is not new and has been observed in previous attacks, Haq said.

"It is interesting to note that even though the contents of Word files are in English, the codepage of Word files are 'Windows Simplified Chinese (PRC, Singapore)'," Haq wrote.

One of the dropped executable files also has an invalid digital certificate from MGame, a Korean gaming company. Like many other types of active malware, this particular variant checks if antivirus tools from Kaspersky Lab or ClamAV are running on the system, according to FireEye.
